Communication system using access control for mobile terminals with respect to local network

ABSTRACT

In a communication system, even when a mobile terminal device belonging to some mobile carrier does not have a right or a qualification for accessing the fixed communication network via the local network/gateway that is given in advance, this mobile terminal device is enabled to access the fixed communication network via the local network/gateway, by carrying out a procedure for paying the fee from the user of the mobile terminal device to the fixed communication network provider or a procedure for monitoring the mobile terminal device. Also, a device other than the mobile terminal device is enabled to access the resource in the mobile carrier network to which the mobile terminal device belongs, from the local network through the mobile terminal device.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to a mobile communication systemusing a mobile terminal device which is capable of accessing both amobile communication network and a local network simultaneously and agateway device for relaying between a fixed communication network and alocal network.

[0003] 2. Description of the Related Art

[0004] In conjunction with the rapid spread of cellular phones and theInternet, the Internet service using a cellular phone as a terminal hasbeen developed by the mobile carriers. This is a service in which amodule for processing a communication protocol called TCP/IP used in theInternet is provided in the cellular phone so as to enable WWW service,e-mail delivery, static image and video image data transfer, etc. Thisservice has an advantage in that it becomes possible to freely accessnot just information closed within the communication service providerbut also various information available on the Internet that is spreadingworldwide, and for this reason the number of users of this service isincreasing rapidly.

[0005] Now, the cellular phone Internet service that has an enormousnumber of users encounters a serious problem regarding how to assignaddresses to terminals. Currently, the Internet faces with the problemof IP address shortage in view of the ever increasing number of nodes(routers and terminals), and in the current IPv4, it has been customaryto use an address system called private address that is closed within anorganization for accesses in an enterprise network and to use globaladdresses only for accesses to the external of the organization byutilizing the address conversion. Similarly, in the case of the cellularphone Internet service, it is currently customary to use the privateaddress within the cellular phone network by providing an addressconversion device (NAT: Network Address Translator) at a border betweenthe IP packet network of the cellular phone company and the globalInternet.

[0006] On the other hand, the next generation IP specification calledIPv6 is currently under the development. The IPv6 can accommodate farmore nodes compared with the IPv4 by expanding the IP address from a 32bits width as used in the IPv4 to a 128 bits width. Similarly, in thecase of the cellular phone Internet service, it is possible to assignunique global addresses to all terminals by adopting the IPv6. In thisway, communications using a seamless end-to-end connection that does notrequire a relay device such as NAT on the communication path can berealized by using a wide address space, and it is expected to beadvantageous in many aspects including the security and the quality ofservice (QoS). Also, the IPv6 has a function called addressautoconfiguration for automatically generating an address from a networkID managed by each router and a unique ID of the device, and this isexpected to make the management of hosts easier.

[0007] Also, recently, in conjunction with the advance of the wirelesstechnology, the techniques for locally connecting various types ofdevices by a wireless network have been developed. One such technique isthe wireless standard called Bluetooth which connects devices in shortdistances by using 2.4 GHz unlicensed radio band. In the Bluetooth,devices can carry out mutual data communications by forming an ad-hocnetwork called pico-net. The similar network specification also includesthe HomeRF which is intended for use in the home network.

[0008] Now, consider a situation in which the packet service based onthe IPv6 scheme is introduced into the cellular phone network, forexample, such that the Internet access via the cellular phone networkand the ISP (Internet Service Provider) network is possible according tothe IPv6. Here, it is assumed that, in the home network, the Internetaccess is made via a gateway device and this gateway device is connectedwith various devices through a local (wireless) network such asBluetooth or the like. On the other hand, it is also assumed that theportable terminal is capable of accessing the Internet via the cellularphone network and the portable terminal is also capable of accessing theBluetooth network by using another communication interface. Namely,consider a situation where the user of the cellular phone receivesservices by accessing the IP network of the cellular phone network whilethe user is located outside the home, and receives services by accessingthe gateway connected to the fixed ISP network, via the Bluetoothnetwork, while the user is located inside the home.

[0009] Here, when an attempt to access the Bluetooth network inside thehome is made by using a portable terminal, the access is not necessarilypossible for every portable terminal. Considering that it is inside thehome, it is possible to consider a control such that the access ispossible for those portable terminals that have an access right or anaccess qualification such as portable terminals owned by the familymembers, but the access to the Bluetooth network is not permitted forany other portable terminals. However, this is a rather inflexiblepolicy because the Internet access using the home network is notpermitted at all for visitors other than the family members.

[0010] In particular, in the case of the fixed access network that isnot necessarily limited to the home network, it is preferable to use acontrol such that those terminals that have the membership qualificationcan access for free, and even non-member terminals can access uponpayment of appropriate fee. Else, at least when the terminal with nopermission given in advance is accessing the access network, there is aneed to acquire the log information of that access so as to realize themonitoring for preventing the illegal act by the malicious user, even ifno fee is to be charged.

[0011] In other words, it is preferable to permit access even for theterminal with no permission given in advance after carrying out theprescribed charging or log acquisition processing, rather than simplypermitting access only for those portable terminals that have carriedout the user registration.

[0012] There is also a problem regarding how an access made from adevice in the fixed network or from the Internet via the gateway in theopposite direction should be connected to a resource in the cellularphone network. Namely, the cellular phone user is responsible for allthe accesses in general, so that there is a need for the cellular phoneto function as proxy after carrying out the appropriate authenticationsequence.

[0013] For example, there is a need to prevent an attack to or anillegal use of the resource on the cellular phone network side byverifying the authenticity of the access by communicating a prescribedmessage or authentication code with the cellular phone or by making anentry into a cellular phone network access list provided in the gateway,such that the portable terminal permits the access to the resource inthe cellular phone network only when the authenticity is verified andfilters out any other messages.

BRIEF SUMMARY OF THE INVENTION

[0014] It is therefore an object of the present invention to provide acommunication system in which a mobile terminal device belonging to somemobile carrier network can access a fixed communication network via alocal network/gateway even when this mobile terminal device does nothave a right or a qualification for accessing the fixed communicationnetwork via the local network/gateway that is given in advance.

[0015] It is another object of the present invention to provide acommunication system in which a device other than the mobile terminaldevice can access the resource in the mobile carrier network to whichthe mobile terminal device belongs, from the local network through themobile terminal device.

[0016] According to one aspect of the present invention there isprovided a communication system, comprising: a mobile terminal devicecapable of accessing both a mobile communication network and a localnetwork simultaneously; and a gateway device provided between a fixedcommunication network and the local network; the mobile terminal devicehaving: an identification information notification unit configured tonotify a device identification information of the mobile terminal deviceand a mobile carrier identification information of a mobile carrier towhich the mobile terminal device belongs, to the gateway device, at atime of accessing the fixed communication network from the local networkthrough the gateway device; and a user response notification unitconfigured to notify a user response indicating user's acceptance orrefusal of an accounting condition notified from the gateway device, tothe gateway device; and the gateway device having: an accountingcondition notification unit configured to notify the accountingcondition for the mobile terminal device to access the fixedcommunication network through the gateway device when the deviceidentification information notified from the mobile terminal device isnot registered at the gateway device in advance, to the mobile terminaldevice; and a user message notification unit configured to notify amessage indicating the device identification information and the mobilecarrier identification information notified from the mobile terminaldevice, and a fact that a user of the mobile terminal device asidentified by the device identification information and the mobilecarrier identification information has accepted a payment of a feeaccording to the accounting condition to a fixed communication networkprovider through the mobile carrier identified by the mobile carrieridentification information, to a fixed communication network side, whenthe user's response indicating user's acceptance of the accountingcondition is notified from the mobile terminal device.

[0017] According to another aspect of the present invention there isprovided a communication system, comprising: a mobile terminal devicecapable of accessing both a mobile communication network and a localnetwork simultaneously; and a gateway device provided between a fixedcommunication network and the local network; the mobile terminal devicehaving: an identification information notification unit configured tonotify a device identification information of the mobile terminal deviceand a mobile carrier identification information of a mobile carrier towhich the mobile terminal device belongs, to the gateway device, at atime of accessing the fixed communication network from the local networkthrough the gateway device; and the gateway device having: a checkingunit configured to check whether the mobile terminal device is relatedto any illegal user or not according to the device identificationinformation and the mobile carrier identification information notifiedfrom the mobile terminal device when the device identificationinformation notified from the mobile terminal device is not registeredat the gateway device in advance; and an access control unit configuredto permit an access to the fixed communication network by the mobileterminal device and start a processing for monitoring the access to thefixed communication network by the mobile terminal device through thegateway device, when the mobile terminal device is not related to anyillegal user as a result of checking by the checking unit.

[0018] According to another aspect of the present invention there isprovided a communication system, comprising: a mobile terminal devicecapable of accessing both a mobile communication network and a localnetwork simultaneously; and a gateway device provided between a fixedcommunication network and the local network; the mobile terminal devicehaving: an authentication unit configured to carry out an authenticationof a communication device which is either located on the local networkor connected through the gateway device, when a request for access to amobile communication network side via the mobile terminal device isreceived from the communication device through the local network; and arelay unit configured to start a processing for relaying packets fromthe communication device to the mobile communication network side whenthe authentication by the authentication unit succeeds.

[0019] According to another aspect of the present invention there isprovided a communication system, comprising: a mobile terminal devicecapable of accessing both a mobile communication network and a localnetwork simultaneously; and a gateway device provided between a fixedcommunication network and the local network; the gateway device having:a processing unit configured to judge whether a packet received from afixed communication network side and destined to a mobile communicationnetwork side via the mobile terminal device is to be relayed to themobile terminal device or not according to an attribute of the packetupon receiving the packet; and a transfer unit configured to transferthe packet to the mobile terminal device through the local network whenthe packet is judged to be relayed by the processing unit; and themobile terminal device having: an authentication unit configured tocarry out an authentication of a communication device, when a requestfor access to the mobile communication network side via the mobileterminal device is received from a communication device located on thelocal network; and a relay unit configured to start a processing forrelaying packets from the communication device to the mobilecommunication network side when the authentication by the authenticationunit succeeds.

[0020] According to another aspect of the present invention there isprovided a mobile terminal device capable of accessing both a mobilecommunication network and a local network simultaneously, the mobileterminal device comprising: a first communication interface providedwith respect to the mobile communication network; a second communicationinterface provided with respect to the local network; a packetcommunication unit configured to carry out first packet communicationsthrough the first communication interface and second packetcommunications through the second communication interface; anidentification information notification unit configured to notify adevice identification information of the mobile terminal device and amobile carrier identification information of a mobile carrier to whichthe mobile terminal device belongs, to a gateway device provided betweena fixed communication network and the local network, at a time ofaccessing the fixed communication network via the gateway device,through the second communication interface; and a user responsenotification unit configured to notify a user response indicating user'sacceptance or refusal of a condition for the mobile terminal device toaccess the fixed communication network through the gateway device thatis presented from the gateway device after the device identificationinformation and the mobile carrier identification information arenotified to the gateway device by the identification informationnotification unit.

[0021] According to another aspect of the present invention there isprovided a mobile terminal device capable of accessing both a mobilecommunication network and a local network simultaneously, the mobileterminal device comprising: a first communication interface providedwith respect to the mobile communication network; a second communicationinterface provided with respect to the local network; a packetcommunication unit configured to carry out first packet communicationsthrough the first communication interface and second packetcommunications through the second communication interface; anauthentication unit configured to carry out an authentication of acommunication device which is either located on the local network orconnected through a gateway device provided between a fixedcommunication network and the local network, when a request for accessto a mobile communication network side via the mobile terminal device isreceived from the communication device through the second communicationinterface; and a relay unit configured to start a processing forrelaying packets from the communication device to the mobilecommunication network side when the authentication by the authenticationunit succeeds.

[0022] According to another aspect of the present invention there isprovided a gateway device provided between a fixed communication networkand a local network, the gateway device comprising: a firstcommunication interface provided with respect to the fixed communicationnetwork; a second communication interface provided with respect to thelocal network; a packet communication unit configured to carry out firstpacket communications through the first communication interface andsecond packet communications through the second communication interface;an accounting condition notification unit configured to notify anaccounting condition for a mobile terminal device to access the fixedcommunication network through the gateway device when a procedure foraccessing the fixed communication network from the mobile terminaldevice is received through the second communication interface and adevice identification information notified from the mobile terminaldevice is not registered at the gateway device in advance, to the mobileterminal device; and a user message notification unit configured tonotify a message indicating the device identification information and amobile carrier identification information notified from the mobileterminal device, and a fact that a user of the mobile terminal device asidentified by the device identification information and the mobilecarrier identification information has accepted a payment of a feeaccording to the accounting condition to a fixed communication networkprovider through the mobile carrier identified by the mobile carrieridentification information, to a fixed communication network side, whena user response indicating user's acceptance of the accounting conditionis notified from the mobile terminal device through the secondcommunication interface.

[0023] According to another aspect of the present invention there isprovided a gateway device provided between a fixed communication networkand a local network, the gateway device comprising: a firstcommunication interface provided with respect to the fixed communicationnetwork; a second communication interface provided with respect to thelocal network; a packet communication unit configured to carry out firstpacket communications through the first communication interface andsecond packet communications through the second communication interface;a checking unit configured to check whether a mobile terminal device isrelated to any illegal user or not according to a device identificationinformation and a mobile carrier identification information notifiedfrom the mobile terminal device when a procedure for accessing the fixedcommunication network from the mobile terminal device is receivedthrough the second communication interface and the device identificationinformation notified from the mobile terminal device is not registeredat the gateway device in advance; and an access control unit configuredto permit an access to the fixed communication network by the mobileterminal device and start a processing for monitoring the access to thefixed communication network by the mobile terminal device through thegateway device, when the mobile terminal device is not related to anyillegal user as a result of checking by the checking unit.

[0024] According to another aspect of the present invention there isprovided a gateway device provided between a fixed communication networkand a local network, the gateway device comprising: a firstcommunication interface provided with respect to the fixed communicationnetwork; a second communication interface provided with respect to thelocal network; a packet communication unit configured to carry out firstpacket communications through the first communication interface andsecond packet communications through the second communication interface;a processing unit configured to judge whether a packet received from afixed communication network side and destined to a mobile communicationnetwork side via a mobile terminal device which is capable of accessingboth a mobile communication network and the local networksimultaneously, is to be relayed to the mobile terminal device throughthe second communication interface or not according to an attribute ofthe packet upon receiving the packet from the fixed communicationnetwork side through the first communication interface; and a transferunit configured to transfer the packet to the mobile terminal devicethrough the second communication interface when the packet is judged tobe relayed by the processing unit.

[0025] According to another aspect of the present invention there isprovided a method for controlling a mobile terminal device capable ofaccessing both a mobile communication network and a local networksimultaneously, the method comprising: notifying a device identificationinformation of the mobile terminal device and a mobile carrieridentification information of a mobile carrier to which the mobileterminal device belongs, to a gateway device provided between a fixedcommunication network and the local network, at a time of accessing thefixed communication network via the gateway device, through the localnetwork; and notifying a user response indicating user's acceptance orrefusal of a condition for the mobile terminal device to access thefixed communication network through the gateway device that is presentedfrom the gateway device after the device identification information andthe mobile carrier identification information are notified to thegateway device.

[0026] According to another aspect of the present invention there isprovided a method for controlling a mobile terminal device capable ofaccessing both a mobile communication network and a local networksimultaneously, the method comprising: carrying out an authentication ofa communication device which is either located on the local network orconnected through a gateway device provided between a fixedcommunication network and the local network, when a request for accessto a mobile communication network side via the mobile terminal device isreceived from the communication device; and starting a processing forrelaying packets from the communication device to the mobilecommunication network side when the authentication succeeds.

[0027] According to another aspect of the present invention there isprovided a method for controlling a gateway device provided between afixed communication network and a local network, the method comprising:notifying an accounting condition for a mobile terminal device to accessthe fixed communication network through the gateway device when aprocedure for accessing the fixed communication network from the mobileterminal device is received through the local network and a deviceidentification information notified from the mobile terminal device isnot registered at the gateway device in advance, to the mobile terminaldevice; and notifying a message indicating the device identificationinformation and a mobile carrier identification information notifiedfrom the mobile terminal device, and a fact that a user of the mobileterminal device as identified by the device identification informationand the mobile carrier identification information has accepted a paymentof a fee according to the accounting condition to a fixed communicationnetwork provider through the mobile carrier identified by the mobilecarrier identification information, to a fixed communication networkside, when a user response indicating user's acceptance of theaccounting condition is notified from the mobile terminal device throughthe local network.

[0028] According to another aspect of the present invention there isprovided a method for controlling a gateway device provided between afixed communication network and a local network, the method comprising:checking whether a mobile terminal device is related to any illegal useror not according to a device identification information and a mobilecarrier identification information notified from the mobile terminaldevice when a procedure for accessing the fixed communication networkfrom the mobile terminal device is received through the local networkand the device identification information notified from the mobileterminal device is not registered at the gateway device in advance; andpermitting an access to the fixed communication network by the mobileterminal device and starting a processing for monitoring the access tothe fixed communication network by the mobile terminal device throughthe gateway device, when the mobile terminal device is not related toany illegal user as a result of checking.

[0029] According to another aspect of the present invention there isprovided a method for controlling a gateway device provided between afixed communication network and a local network, the method comprising:judging whether a packet received from a fixed communication networkside and destined to a mobile communication network side via a mobileterminal device which is capable of accessing both a mobilecommunication network and the local network simultaneously, is to berelayed to the mobile terminal device through the local network or notaccording to an attribute of the packet upon receiving the packet fromthe fixed communication network side; and transferring the packet to themobile terminal device through the local network when the packet isjudged to be relayed.

[0030] According to another aspect of the present invention there isprovided a computer program product for causing a computer to control amobile terminal device capable of accessing both a mobile communicationnetwork and a local network simultaneously, the computer program productcomprising: first computer program codes for causing the computer tonotify a device identification information of the mobile terminal deviceand a mobile carrier identification information of a mobile carrier towhich the mobile terminal device belongs, to a gateway device providedbetween a fixed communication network and the local network, at a timeof accessing the fixed communication network via the gateway device,through the local network; and second computer program codes for causingthe computer to notify a user response indicating user's acceptance orrefusal of a condition for the mobile terminal device to access thefixed communication network through the gateway device that is presentedfrom the gateway device after the device identification information andthe mobile carrier identification information are notified to thegateway device.

[0031] According to another aspect of the present invention there isprovided a computer program product for causing a computer to control amobile terminal device capable of accessing both a mobile communicationnetwork and a local network simultaneously, the computer program productcomprising: first computer program codes for causing the computer tocarry out an authentication of a communication device which is eitherlocated on the local network or connected through a gateway deviceprovided between a fixed communication network and the local network,when a request for access to a mobile communication network side via themobile terminal device is received from the communication device; andsecond computer program codes for causing the computer to start aprocessing for relaying packets from the communication device to themobile communication network side when the authentication succeeds.

[0032] According to another aspect of the present invention there isprovided a computer program product for causing a computer to control agateway device provided between a fixed communication network and alocal network, the computer program product comprising: first computerprogram codes for causing the computer to notify an accounting conditionfor a mobile terminal device to access the fixed communication networkthrough the gateway device when a procedure for accessing the fixedcommunication network from the mobile terminal device is receivedthrough the local network and a device identification informationnotified from the mobile terminal device is not registered at thegateway device in advance, to the mobile terminal device; and secondcomputer program codes for causing the computer to notify a messageindicating the device identification information and a mobile carrieridentification information notified from the mobile terminal device, anda fact that a user of the mobile terminal device as identified by thedevice identification information and the mobile carrier identificationinformation has accepted a payment of a fee according to the accountingcondition to a fixed communication network provider through the mobilecarrier identified by the mobile carrier identification information, toa fixed communication network side, when a user response indicatinguser's acceptance of the accounting condition is notified from themobile terminal device through the local network.

[0033] According to another aspect of the present invention there isprovided a computer program product for causing a computer to control agateway device provided between a fixed communication network and alocal network, the computer program product comprising: first computerprogram codes for causing the computer to check whether a mobileterminal device is related to any illegal user or not according to adevice identification information and a mobile carrier identificationinformation notified from the mobile terminal device when a procedurefor accessing the fixed communication network from the mobile terminaldevice is received through the local network and the deviceidentification information notified from the mobile terminal device isnot registered at the gateway device in advance; and second computerprogram codes for causing the computer to permit an access to the fixedcommunication network by the mobile terminal device and start aprocessing for monitoring the access to the fixed communication networkby the mobile terminal device through the gateway device, when themobile terminal device is not related to any illegal user as a result ofchecking.

[0034] According to another aspect of the present invention there isprovided a computer program product for causing a computer to control agateway device provided between a fixed communication network and alocal network, the computer program product comprising: first computerprogram codes for causing the computer to judge whether a packetreceived from a fixed communication network side and destined to amobile communication network side via a mobile terminal device which iscapable of accessing both a mobile communication network and the localnetwork simultaneously, is to be relayed to the mobile terminal devicethrough the local network or not according to an attribute of the packetupon receiving the packet from the fixed communication network side; andsecond computer program codes for causing the computer to transfer thepacket to the mobile terminal device through the local network when thepacket is judged to be relayed.

[0035] Other features and advantages of the present invention willbecome apparent from the following description taken in conjunction withthe accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0036]FIG. 1 is a block diagram showing an exemplary configuration of acommunication system according to one embodiment of the presentinvention.

[0037]FIG. 2 is a block diagram showing an exemplary configuration of agateway device in the communication system of FIG. 1.

[0038]FIG. 3 is a block diagram showing an exemplary configuration of amobile terminal device in the communication system of FIG. 1.

[0039]FIG. 4 is a diagram for explaining the exemplary case where aprovider provides a local wireless service with respect to a public areain the communication system according to the present invention.

[0040]FIG. 5 is a diagram for explaining the exemplary case where acellular phone user pays fee for the local network access in thecommunication system according to the present invention.

[0041]FIG. 6 is a diagram showing one example of a message containing anaffiliated carrier information that can be used in the communicationsystem according to the present invention.

[0042]FIG. 7 is a diagram for explaining the exemplary case of carryingout a log management for actions of a mobile terminal device in thecommunication system according to the present invention.

[0043]FIG. 8 is a sequence chart for a processing in the case where amobile terminal device enters a local network in the communicationsystem according to the present invention.

[0044]FIG. 9 is a diagram for explaining the exemplary case where adevice on a local network side accesses a resource on a cellular phonenetwork side in the communication system according to the presentinvention.

[0045]FIG. 10 is a flow chart showing an exemplary processing procedureof a mobile terminal device in the case of relaying packetcommunications in the communication system according to the presentinvention.

DETAILED DESCRIPTION OF THE INVENTION

[0046] Referring now to FIG. 1 to FIG. 10, one embodiment of acommunication system according to the present invention will bedescribed in detail.

[0047]FIG. 1 shows an exemplary configuration of a communication systemaccording to this embodiment.

[0048] In FIG. 1, a region enclosed by a dashed line 12 corresponds to amobile carrier network portion. In the mobile carrier network 12, aplurality of network links are connected through a cellular phonenetwork 6 and router devices 4. Each router device 4 has at leastfunctions of an ordinary router (such as a router compatible with theIPv4 or the IPv6, for example).

[0049] The mobile carrier network 12 is assumed to be originallyproviding the ordinary voice communication service, but a configurationfor providing the ordinary voice communication service is omitted inFIG. 1. Note that this embodiment is directed to the exemplary casewhere one mobile carrier manages its own packet communication network asa single management domain, but there can also be cases where one mobilecarrier has a plurality of management domains, cases where a pluralityof mobile carriers have a single common management domain, and anycombination of these cases.

[0050] The mobile terminal device 20 (such as a portable terminal or acellular phone, for example) will be connected to the correspondingnetwork link through a wireless base station 5 corresponding to ageographic location of the mobile terminal device 20. Then, the mobileterminal device 20 becomes capable of carrying out packet communications(according to the IPv4 or the IPv6) with a node located within the samenetwork link, a node within the same management domain through therouter device 4, or a node (such as a server 8, for example) locatedoutside the management domain through the router device 4 and theInternet 7.

[0051] Note that there can be a plurality of mobile carrier networks 12which are operated by different mobile carriers. In such a case, it isassumed that the mobile terminal device 20 belongs to one of thesemobile carriers.

[0052] On the other hand, in FIG. 1, a region enclosed by a chain line11 corresponds to a home network portion. In the home network 11,various types of devices 2 and a gateway 1 are connected through a homelocal network 3. In this embodiment, the home local network 3 is assumedto be a local wireless network such as Bluetooth, for example. Themobile terminal device 20 has a function for accessing this home localnetwork 3.

[0053] A plurality of home networks 11 and 11′ can be connected to asingle ISP network 9. Each one of the home networks 11 and 11′ hasbasically the same configuration (although the detailed configurationmay be different).

[0054] The gateway device 1 of the home network 11 is assumed to beconnected to the external Internet 7 through a fixed communicationnetwork 9 (which is assumed to be an ISP network here).

[0055] Note that this embodiment is directed to the exemplary case whereone Internet service provider manages its own ISP network as a singlemanagement domain, but there can also be cases where one serviceprovider has a plurality of management domains, cases where a pluralityof service providers have a single common management domain, and anycombinations of these cases.

[0056] The mobile terminal device 20 and the devices 2 connected to thehome local network 3 are capable of carrying out packet communications(according to the IPv4 or the IPv6) with the server 8 on the Internet 7through the gateway device 1 and the ISP network 9 (after carrying out aprescribed procedure). In addition, they are also capable of carryingout packet communications (according to the IPv4 or the IPv6) with aserver 10 for providing services limited only to members within the ISPnetwork 9, for example, when such a server 10 exists.

[0057] Note that, in FIG. 1, the dashed line 12 and the chain line 11are depicted only for the sake of explaining the basic configurationlogically, and they do not indicate an area covered by the wirelessnetwork. In this embodiment mobile terminal device 20 is assumed to becapable of accessing both the mobile carrier network 12 and the homelocal network 3 simultaneously.

[0058]FIG. 2 shows an exemplary configuration of the gateway device 1 inthis embodiment.

[0059] As shown in FIG. 2, this gateway device 1 comprises a firstcommunication interface 31 for accessing the ISP network 9, a secondcommunication interface 32 for accessing the home local network 3, adata relay unit 33 for relaying between the first and secondcommunication interfaces 31 and 32, a local network connectionpermission list 34, a telephone network access permission list 35, andan authentication and accounting processing unit 36. If necessary, thedata relay device 33 may include a function for carrying out a protocolconversion, a media conversion, etc., at a time of relaying between thefirst and second communication interfaces 31 and 32.

[0060] The local network connection permission list 34 registers a listof device IDs of the devices that can be connected to the local network3 on the second communication interface 32 side. The authentication andaccounting processing unit 36 looks up a group of necessary servers suchas an accounting server and a log server according to a message from themobile terminal device 20, and carries out the necessary transaction.The telephone network access permission list 35 registers a listindicating a source address, a protocol type, a port number, etc., forenabling a direct access to the cellular phone network 6 side from theISP network 9 side through the gateway device 1, the home local network3 and the mobile terminal device 20.

[0061] Note that the local network connection permission list 34 isnecessary in the case of using a configuration that supports theaccounting or log function. The authentication and accounting processingunit 36 is necessary in the case of using a configuration that supportsthe accounting function. The telephone network access permission list 35is necessary in the case of using a configuration in which the mobileterminal device 20 has a function for relaying from the local network 3side to the cellular phone network 6 and the gateway device 1 has afunction for judging whether the relaying is permitted or not.

[0062]FIG. 3 shows an exemplary configuration of the mobile terminaldevice 20 in this embodiment.

[0063] As shown in FIG. 3, this mobile terminal device 20 comprises afirst communication interface 23, for accessing the mobile carriernetwork 12, a second communication interface 24 for accessing the homelocal network 3, a voice communication unit 21 for carrying out ordinaryvoice communications, a packet communication unit 22 for carrying outpacket communications (according to the IPv4 or the IPv6), an IDregister 25, an identification message generation unit 26, and anauthentication unit 27.

[0064] The identification information such as the device ID (informationfor uniquely identifying the device) and an affiliated carrierinformation (such as an affiliated carrier ID which is information foruniquely identifying the affiliated mobile carrier) of the mobileterminal device 20 is stored in the ID register 25. The identificationmessage generation unit 26 generates a message containing thatidentification information and transfers it via an appropriate interfacewhenever necessary. The authentication unit 27 includes anauthentication key memory 28 and an authentication processing unit 29,and carries out the prescribed authentication processing at a time of anaccess from the local network 3 side to the cellular phone network 6.

[0065] The ID register 25 and the identification message generation unit26 are necessary in the case of using a configuration that supports theaccounting or log function. The authentication unit 27 is necessary inthe case of using a configuration in which the mobile terminal device 20has a function for relaying from the local network 3 side to thecellular phone network 6.

[0066] In the following, the operation of the communication system inthis embodiment will be described in detail.

[0067] First, the authentication policy in the case where the mobileterminal device accesses the local network will be considered. Ingeneral, it is not preferable to allow arbitrary terminal to access thelocal network from a viewpoint of the security, so that someauthentication processing is necessary. For example, in the case of thehome network, only the cellular phones owned by the family members areallowed to access the local network. Namely, this is a policy in whichthe device ID is checked to see if it matches with the access permissionlist registered in advance, and the access is permitted only for thedevice with the device ID that matches with the access permission list.

[0068] However, in this case, it is impossible to provide a service bywhich a visitor makes an ISP access via that home network, for example,unless the tedious processing for rewriting the setting file is carriedout. In this embodiment, certain level of services are to beconditionally provided to such non-registered users as well.

[0069] Now, in general it is not preferable to allow the unspecifiedusers to use the local network mainly for the following two reasons.

[0070] (1) The cost for the use of the local network should be paid.

[0071] This point becomes clearer in an exemplary case where the mobilecarrier A provides a local wireless service with respect to a publicarea (see FIG. 4), for example, rather than the case of the homenetwork. This local wireless network is formed by the open specificationsuch as Bluetooth, so that the service can be received not only by auser of a portable terminal of the mobile carrier A but also by users ofportable terminals of the other mobile carriers B and C, as far as thewireless specification is concerned.

[0072] However, from a viewpoint of the mobile carrier A, it is notdesirable to allow the users of the other mobile carriers to use its ownlocal wireless network which is provided by the facility investment madeby the mobile carrier A, without some compensation.

[0073] But, if there is a mechanism for accounting the appropriateutilization fees to the users using the portable terminals of the othermobile carriers B and C, it is possible for the mobile carrier A toallow only those users who agreed to pay the fees to make the connectionto its own local wireless network, in view of the convenience of theseusers. In other words, there can be cases where the connection can bepermitted even for the non-registered user as long as this user iswilling to pay the utilization fee. To this end, there is a need toprovide links with the accounting mechanism and the authenticationmechanism.

[0074] (2) The use of the local network can be permitted if there is amonitoring mechanism for preventing the illegal act such as networkattack by the malicious users.

[0075] On the other hand, if there are malicious users who are likely tocommit the illegal act such as network attack, it is not desirable toallow the use of the local network to the unspecified devices from aviewpoint of the security as well as from the fact that the user whoowns the local network will be held responsible according to the currentISP contract. Namely, there can be a policy for allowing the connectionunder the condition that the log management is carried out so as toprevent this user from committing the illegal act, by monitoring thejobs of the connecting users at a prescribed server. Of course, it isalso possible to take an action such as refusal of the connection forthose users who committed the illegal acts in the past.

[0076] In order to satisfy the above described condition, there is aneed for an authentication and accounting message system across aplurality of servers and clients such as the mobile terminal device, theaccounting server of the mobile carrier, the user log information serverof the ISP network, etc.

[0077] First, with reference to FIG. 5, the above described case (1)where the user of the mobile terminal device 20 should pay the fee forthe local network connection will be described.

[0078] Here, it is assumed that the device IDs of one or plurality ofthe mobile terminal devices 20 to be used by one or plurality of usersand the device IDs of the other devices 2 are registered in advance bythe telephone network access permission list 35 of the gateway device 1of some home network 11.

[0079] First, the mobile terminal device 20 notifies a messagecontaining its own device ID to the gateway device 1 at a time ofaccessing the home local network 3 (in order to utilize the ISP network9). The same also applies to the other device 2.

[0080] Upon receiving this message, the gateway device 1 checks whetherthe device ID contained in the message is registered in the telephonenetwork access permission list 35 or not, and if it is registered, thegateway device 1 provides the gateway service with respect to thismobile terminal device 20 such that this mobile terminal device 20 canaccess the ISP network 9 through the gateway device 1 (a messageindicating this fact may be transmitted from the gateway device 1 to themobile terminal device 20). In this case, the utilization fee of the ISPnetwork 9 will be charged to the contractor. Note that the same alsoapplies to the other registered device 2.

[0081] On the other hand, if the device ID is not registered in thetelephone network access permission list 35 of the gateway device 1, thegateway device 1 returns a message indicating that fact to the mobileterminal device 20.

[0082] Upon receiving this message, the mobile terminal device 20transmits a message containing the affiliated carrier information suchas the affiliated carrier ID to the gateway device 1. FIG. 6 shows anexemplary form of this message.

[0083] Note that the separate messages are transmitted for the device IDand the affiliated carrier information in the above, but it is alsopossible to transmit a single message containing the device ID and theaffiliated carrier information from the mobile terminal device 20 to thegateway device 1.

[0084] Now, the gateway device 1 checks the accounting server 101 of theISP network 9 to which the gateway device 1 is connected, for the mobileterminal device 20 which is not registered in the telephone networkaccess permission list 35, and checks the accounting server 102 of themobile carrier to which the mobile terminal device 20 belongs on theInternet 7 according to the affiliated carrier information notified fromthe mobile terminal device 20. Here it is assumed that the processing isterminated when either one of the accounting server 101 and theaccounting server 102 is not accessible. Also, the gateway device 1presents the condition such as the utilization fee on the ISP side tothe mobile terminal device 20, according to the prescribed fee systemfor the guest use of the ISP network 9 (this information may be storedin advance, or acquired from the accounting server 102, for example,when the need arises), and transmits a message for inquiring whetherthis condition is accepted or not.

[0085] Upon receiving this message, the mobile terminal device 20presents information regarding the condition such as the utilization feeto the user, and receives an input regarding whether this condition forthe use of the ISP network 9 is accepted or not from the user.

[0086] When the input indicating acceptance or the refusal of thecondition for the use of the ISP network 9 is received from the user,the mobile terminal device 20 transmits a message indicating theacceptance or the refusal to the gateway device 1.

[0087] When the gateway device 1 receives a message indicating therefusal from the mobile terminal device 20, the gateway device 1terminates the processing (in which case the gateway device 1 will notprovide the gateway service to this mobile terminal device 20).

[0088] When the gateway device 1 receives a message indicating theacceptance from the mobile terminal device 20, the gateway device 1relays a message indicating the acceptance and containing the device IDand the affiliated carrier information of that mobile terminal device 20to the accounting server 101 of the ISP network 9 (in which case thegateway device 1 will provide the gateway service to this mobileterminal device 20).

[0089] When the message from the mobile terminal device 20 is received,the accounting server 101 of the ISP network 9 transmits an accountingmessage to the accounting server 102 of the mobile carrier to which themobile terminal device 20 belongs, and receives the transfer of the fee.Here, the gateway device 1 may transmit the accounting message to theaccounting server 102 instead. The amount to be paid here can be basedon a fixed rate or a meter rate according to the connection time, and inthe latter case, the connection time is measured at the ISP side and theaccounting message is transmitted to the accounting server 102 of themobile carrier according to the measurement result.

[0090] Note that it is also possible to modify the above operation suchthat, when the message indicating the acceptance is received from themobile terminal device 20, the gateway device 1 returns a confirmationmessage with respect to that message to the mobile terminal device 20,and the mobile terminal device 20 starts the communications afterreceiving this confirmation message.

[0091] Note also that the acceptance or the refusal is entered by theuser of the mobile terminal device 20 in the above, but it is alsopossible to set up a relationship between the condition on theutilization fee and the acceptance or the refusal (by using a table or afunction, for example) in the mobile terminal device 20 in advance suchthat the mobile terminal device 20 automatically judges the acceptanceor the refusal and returns a response without presenting the conditionto the user in order to confirm the acceptance or the refusal to theuser.

[0092] It is also possible to change the control content according tothe user class (such that the fee system or the content of the servicethat can be received is different for different user classes, forexample) by adding information on the user class at the mobile carrierto which the mobile terminal device 20 belongs (the mobile carrierindicated by the mobile carrier ID in the message of FIG. 6), to themessage of FIG. 6. For example, it is possible to change the fee systemfor the charging or the content of the service to be provided to (theuser of) the mobile terminal device 20 differently according to the userclass at the mobile carrier, even at the ISP network 9 side as well.Else, it is also possible to make the ISP network 9 accessible only forthose mobile terminal devices 20 which have the service class above somelevel (under the condition that the acceptance of the user is obtainedas described above).

[0093] Next, with reference to FIG. 7, the above described case (2) ofcarrying out the log management for the actions by the user of themobile terminal device 20 will be described.

[0094] Here, it is assumed that the device IDs of one or plurality ofthe mobile terminal devices 20 to be used by one or plurality of usersand the device IDs of the other devices 2 are registered in advance bythe telephone network access permission list 35 of the gateway device 1of some home network 11.

[0095] First, the mobile terminal device 20 notifies a messagecontaining its own device ID to the gateway device 1 at a time ofaccessing the home local network 3 (in order to utilize the ISP network9). The same also applies to the other device 2.

[0096] Upon receiving this message, the gateway device 1 checks whetherthe device ID contained in the message is registered in the telephonenetwork access permission list 35 or not, and if it is registered, thegateway device 1 provides the gateway service with respect to thismobile terminal device 20 such that this mobile terminal device 20 canaccess the ISP network 9 through the gateway device 1 (a messageindicating this fact may be transmitted from the gateway device 1 to themobile terminal device 20). Note that the same also applies to the otherregistered device 2.

[0097] On the other hand, if the device ID is not registered in thetelephone network access permission list 35 of the gateway device 1, thegateway device 1 returns a message indicating that fact to the mobileterminal device 20.

[0098] Upon receiving this message, the mobile terminal device 20transmits a message (shown in FIG. 6, for example) containing theaffiliated carrier information such as the affiliated carrier ID to thegateway device 1.

[0099] Note that the separate messages are transmitted for the device IDand the affiliated carrier information in the above, but it is alsopossible to transmit a single message containing the device ID and theaffiliated carrier information from the mobile terminal device 20 to thegateway device 1.

[0100] Now, the gateway device 1 looks up the log server 201 in the ISPnetwork 9 according to the device ID and the affiliated carrierinformation, for the mobile terminal device 20 which is not registeredin the telephone network access permission list 35.

[0101] When the gateway device 1 transmits a look up message containingthe user information of the mobile terminal device 20 including thedevice ID and the affiliated carrier information to the log server 201for the first time, the log server 201 checks the user information listto see if this user is marked by an illegal user mark indicating a logof making the illegal access in the past or not.

[0102] In the case where the illegal user mark is recorded for themobile terminal device 20, the log server 201 transmits a messageindicating the refusal of the access to the gateway device 1, and thegateway device 1 returns this message to the mobile terminal device 20(in which case this mobile terminal device 20 will not be able to accessthe ISP network 9).

[0103] In the case where the illegal user mark is not recorded for themobile terminal device 20, the log server 201 transmits a messageindicating the permission of the access to the gateway device 1, and thegateway device 1 returns this message to the mobile terminal device 20(in which case this mobile terminal device 20 will be able to access theISP network 9).

[0104] When the access is permitted for (the user of) the mobileterminal device 20, all of the subsequent actions of the mobile terminaldevice 20 that are comprehended by the gateway device 1 (or only thejobs on the ISP network 9 side among them) will be transferred from thegateway device 1 to the log server 201. The log server 201 stores theuser information list and the log information, and logs of the jobs onthe ISP network 9 side of the mobile terminal device 20 will be stored.The log analysis is carried out by a back-end log analysis server (notshown), and if the illegal action is found, the illegal user mark isrecorded in the user information list.

[0105] The above procedure will be carried out for each ISP access madeby the non-registered mobile terminal device 20.

[0106] Note that, similarly as in the case (1), it is possible to permitthe access when the acceptance of the access condition that the logswill be recorded (or the acceptance of the access condition that thelogs will be recorded and the illegal user will be registered if theillegal access is found such that the subsequent accesses will berefused) is obtained from the non-registered mobile terminal device 20.

[0107] Also, FIG. 7 is directed to the case where the dedicated logserver 201 is located on the ISP network 9 side, but the log server canbe located in association with the gateway device 1, for example.

[0108] Note that (1) a configuration regarding the accounting asexplained with reference to FIG. 5 and (2) a configuration regarding thelog as explained with reference to FIG. 7 can be realized incombination. In this case, the non-registered mobile terminal device 20will be able to access the ISP network 9 through the gateway device 1when the user of this mobile terminal device 20 accepts the charge andthe illegal user mark is not recorded for this mobile terminal device20.

[0109]FIG. 8 shows the processing sequence for the above describedoperation.

[0110] The mobile terminal 20 generates an identification message at theidentification message generation unit 26 according to its own device IDas well as the content of the ID register 25 such as the affiliatedcarrier ID, at a time of accessing the home local network 3, andtransmits this identification message to the gateway device 1 via thesecond communication interface 24 (step Sl).

[0111] At the gateway device 1 side, the content of the local networkconnection permission list 34 and the device ID of the mobile terminaldevice 20 are compared, to judge whether the corresponding entry existsor not. If the corresponding entry exists, the access is possible (stepS2).

[0112] When there is no corresponding entry, the access condition isinquired to the authentication server (not shown) on the ISP network 9side according to the affiliated carrier ID and the user information(step S3).

[0113] The authentication server presents the condition (accounting, logmanagement, etc.) for the mobile terminal device 20 to use the ISPnetwork 9 (step S4), and the gateway device 1 relays this condition andwaits for a response from the user of the mobile terminal device 20.

[0114] When the user accepts the condition (step S6), the necessarycondition processing is carried out.

[0115] In the case of carrying out the accounting, the accountingcondition and the server to be accounted (the accounting server 102 ofthe mobile carrier, for example) are notified to the accounting server101 of the ISP network 9 (step S7). As a result, the accouting accordingto the amount of use will be carried out.

[0116] Also, in the case of carrying out the log acquisition, thematching with the illegal user list in the log server 201 is carried out(step S7), and if there is no illegal access log, the log acquisition isset in the log server 201 and the fact that the access is possible isnotified to the mobile terminal device 20.

[0117] Next, with reference to FIG. 9, the case where the device 2 onthe home local network 3 side accesses the resource (server) 301 locatedon the cellular phone network 6 side in a state in which the mobileterminal device 20 bridges the cellular phone network 6 and the homelocal network 3 will be described.

[0118] For example, this can be the case when a PDA (Personal DigitalAssistant) device 2 connected to the home local network 3 accesses a PIM(Personal Information Manager) data (a schedule table, for example) 301located on the cellular phone network 6 side and carries out thesynchronization processing. Also, the access from the home local network3 side to the cellular phone network 6 is not necessarily limited tothat of the device 2 which is directly connected to the home localnetwork 3. For example, the access can be made from the ISP network 9side via the gateway device 1.

[0119] In this case, the mobile terminal device 20 will be leasing itsown access right to the access from the home local network 3 side, sothat there is a need for a procedure to permit the access only when themobile terminal device 20 permits the utilization of its own accessright.

[0120] Also, there is a need to prevent an attack to or an illegal useof the resource 301 on the cellular phone network 6 side by verifyingthe authenticity of the access by making an entry into the telephonenetwork access permission list 35 provided in the gateway device 1 withrespect to the access from the ISP network 9 side, such that theportable terminal device 20 permits the access to the resource on thecellular phone network 6 side only when the authenticity is verified andfilters out any other messages.

[0121] More specifically, consider the case where some device 2 wishesto make an access to the cellular phone network 6 while the mobileterminal device 20 is connected by both the first and secondcommunication interfaces 23 and 24.

[0122]FIG. 10 shows an exemplary processing of the mobile terminaldevice 20 in this case.

[0123] Here, it is assumed that the device 2 registers a key for theauthentication in advance by carrying out the access registration withrespect to the cellular phone network 6 side. This key is stored in theauthentication key memory 28 of the mobile terminal 28, incorrespondence with the ID information of that device 2.

[0124] In the case where the device 2 accesses the cellular phonenetwork 6, the device 2 attaches a message authentication code based ona one-way hash function such as MD5, for example, by using thisauthentication key, to a message in a prescribed format, and transmitsthis message to the mobile terminal device 20.

[0125] Upon receiving this message (step S11), the mobile terminaldevice 20 carries out the authentication processing (step S12). Forexample, the authentication key is searched by using the ID information(IP address, for example) in the header of the message as a key, themessage authentication code is calculated by the same method (MD5, forexample) used by the device 2 in generating the message authenticationcode, and whether the calculated message authentication code coincideswith the message authentication code (generated by the device 2 and)attached to the message or not is checked.

[0126] When the authentication succeeds, i.e., when the two messageauthentication codes coincide in the above example (step S12 YES), Ackmessage is returned to the device 2 and the subsequent access from thedevice 2 will be transferred to the cellular phone network 6 (step S13).

[0127] On the other hand, when the authentication fails, i.e., when thetwo message authentication codes do not coincide in the above example(step S12 NO), Nack message is returned to the device (step S15) and thesubsequent access from the device 2 will not be transferred to thecellular phone network 6.

[0128] Also, in the case where some device from the ISP network 9 sidevia the gateway device 1 wishes to make an access to the cellular phonenetwork 6 side via the mobile terminal device 20, the authentication keysharing and the sequence using the message authentication code can beused similarly (see FIG. 10).

[0129] However, in general, when there are not many accesses from theISP network 9 side, it is also possible (for the gateway device 1) togive the access permission by checking the matching of the sourceaddress, the protocol type, the port number, etc., with the telephonenetwork access permission list 35 in the gateway device 1. In this case,the mobile terminal device 20 will not carry out the authentication asdescribed above for those packets that are transferred through thegateway device 1.

[0130] As described, according to this embodiment, when some mobileterminal device is capable of accessing the ISP network via the localnetwork (Bluetooth, etc.)/gateway but does not have an access right oran access qualification with respect to the ISP network that is given inadvance, it becomes possible for this mobile terminal device to accessthe ISP network via the local network/gateway, by carrying out aprocedure for paying the fee from the user of the mobile terminal deviceto the ISP or a procedure for monitoring by recording logs with respectto the mobile terminal device.

[0131] In this embodiment, this can be realized by combining the accesscontrol list on the gateway and the authentication and accountingmessages to be transmitted from the mobile terminal device via thegateway.

[0132] Also, when some mobile terminal device is accessible to thecellular phone network and the local network, it becomes possible for adevice on the local network or a device on the fixed communicationnetwork (via the gateway/local network) to access the resource on thecellular phone network side via this mobile terminal device, by carryingout a procedure for authentication or the access permission.

[0133] In this embodiment, it is possible to enable the authenticatedtelephone network access by defining the authentication sequence betweenthe home network device and the mobile terminal device, and the accessto the resource on the cellular phone network side is permitted only forthe device that has successfully completed the authentication sequence.

[0134] It is also possible to adjust these detailed setting conditionsin accordance with the policies of the various networks (such as thehome network, the cellular phone network, the fixed communicationnetwork). For example, when there is a partnership for carrying out theaccess log processing at the fixed communication network provider B sideon behalf of the cellular phone network provider A, it is possible tocarry out the transfer of the authentication and accounting messages bytaking this partnership in consideration. Such a customization can bemade freely (within a range of not violating the basic policy of eachnetwork).

[0135] Thus according to the present invention, even when a mobileterminal device belonging to some mobile carrier does not have a rightor a qualification for accessing the fixed communication network via thelocal network/gateway that is given in advance, it is possible for thismobile terminal device to access the fixed communication network via thelocal network/gateway, by carrying out a procedure for paying the feefrom the user of the mobile terminal device to the fixed communicationnetwork provider or a procedure for monitoring the mobile terminaldevice.

[0136] Also, according to the present invention, it is possible for adevice other than the mobile terminal device to access the resource inthe mobile carrier network to which the mobile terminal device belongs,from the local network through the mobile terminal device.

[0137] Note that, in the above, it is assumed that the mobile terminaldevice 20 has the ordinary voice communication function, but the mobileterminal device 20 may have communication functions for information inother forms such as text communications in addition to or instead of theordinary voice communication function. The mobile terminal device 20 maybe a device which is capable of utilizing only the Internet service. Thesimilar modifications are also possible with respect to the servicesprovided by the communication service provider.

[0138] Note also that the home network used in the above description canbe replaced by any other local network without affecting theapplicability of the present invention.

[0139] Note also that, in the present invention, the existing IPv4 orIPv6 devices can be used without requiring any modification, and theconventional IPv4 or IPv6 addressing architecture can be used withoutany change. Consequently, it is advantageous in terms of thecompatibility with the existing devices.

[0140] Note also that the present invention can be easily expandedaccording to the network management policies of the various mobilecarriers. The present invention is also applicable not only to the IPv4or IPv6 but also to the packet communications using the cellular phonesthat are proposed recently.

[0141] It is to be noted that the above described embodiment accordingto the present invention may be conveniently implemented using aconventional general purpose digital computer programmed according tothe teachings of the present specification, as will be apparent to thoseskilled in the computer art. Appropriate software coding can readily beprepared by skilled programmers based on the teachings of the presentdisclosure, as will be apparent to those skilled in the software art.

[0142] In particular, each of the gateway device and the mobile terminaldevice of the above described embodiment can be conveniently implementedin a form of a software package.

[0143] Such a software package can be a computer program product whichemploys a storage medium including stored computer code which is used toprogram a computer to perform the disclosed function and process of thepresent invention. The storage medium may include, but is not limitedto, any type of conventional floppy disks, optical disks, CD-ROMs,magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or opticalcards, or any other suitable media for storing electronic instructions.

[0144] It is also to be noted that, besides those already mentionedabove, many modifications and variations of the above embodiments may bemade without departing from the novel and advantageous features of thepresent invention. Accordingly, all such modifications and variationsare intended to be included within the scope of the appended claims.

What is claimed is:
 1. A communication system, comprising: a mobileterminal device capable of accessing both a mobile communication networkand a local network simultaneously; and a gateway device providedbetween a fixed communication network and the local network; the mobileterminal device having: an identification information notification unitconfigured to notify a device identification information of the mobileterminal device and a mobile carrier identification information of amobile carrier to which the mobile terminal device belongs, to thegateway device, at a time of accessing the fixed communication networkfrom the local network through the gateway device; and a user responsenotification unit configured to notify a user response indicating user'sacceptance or refusal of an accounting condition notified from thegateway device, to the gateway device; and the gateway device having: anaccounting condition notification unit configured to notify theaccounting condition for the mobile terminal device to access the fixedcommunication network through the gateway device when the deviceidentification information notified from the mobile terminal device isnot registered at the gateway device in advance, to the mobile terminaldevice; and a user message notification unit configured to notify amessage indicating the device identification information and the mobilecarrier identification information notified from the mobile terminaldevice, and a fact that a user of the mobile terminal device asidentified by the device identification information and the mobilecarrier identification information has accepted a payment of a feeaccording to the accounting condition to a fixed communication networkprovider through the mobile carrier identified by the mobile carrieridentification information, to a fixed communication network side, whenthe user's response indicating user's acceptance of the accountingcondition is notified from the mobile terminal device.
 2. Acommunication system, comprising: a mobile terminal device capable ofaccessing both a mobile communication network and a local networksimultaneously; and a gateway device provided between a fixedcommunication network and the local network; the mobile terminal devicehaving: an identification information notification unit configured tonotify a device identification information of the mobile terminal deviceand a mobile carrier identification information of a mobile carrier towhich the mobile terminal device belongs, to the gateway device, at atime of accessing the fixed communication network from the local networkthrough the gateway device; and the gateway device having: a checkingunit configured to check whether the mobile terminal device is relatedto any illegal user or not according to the device identificationinformation and the mobile carrier identification information notifiedfrom the mobile terminal device when the device identificationinformation notified from the mobile terminal device is not registeredat the gateway device in advance; and an access control unit configuredto permit an access to the fixed communication network by the mobileterminal device and start a processing for monitoring the access to thefixed communication network by the mobile terminal device through thegateway device, when the mobile terminal device is not related to anyillegal user as a result of checking by the checking unit.
 3. Acommunication system, comprising: a mobile terminal device capable ofaccessing both a mobile communication network and a local networksimultaneously; and a gateway device provided between a fixedcommunication network and the local network; the mobile terminal devicehaving: an authentication unit configured to carry out an authenticationof a communication device which is either located on the local networkor connected through the gateway device, when a request for access to amobile communication network side via the mobile terminal device isreceived from the communication device through the local network; and arelay unit configured to start a processing for relaying packets fromthe communication device to the mobile communication network side whenthe authentication by the authentication unit succeeds.
 4. Acommunication system, comprising: a mobile terminal device capable ofaccessing both a mobile communication network and a local networksimultaneously; and a gateway device provided between a fixedcommunication network and the local network; the gateway device having:a processing unit configured to judge whether a packet received from afixed communication network side and destined to a mobile communicationnetwork side via the mobile terminal device is to be relayed to themobile terminal device or not according to an attribute of the packetupon receiving the packet; and a transfer unit configured to transferthe packet to the mobile terminal device through the local network whenthe packet is judged to be relayed by the processing unit; and themobile terminal device having: an authentication unit configured tocarry out an authentication of a communication device, when a requestfor access to the mobile communication network side via the mobileterminal device is received from a communication device located on thelocal network; and a relay unit configured to start a processing forrelaying packets from the communication device to the mobilecommunication network side when the authentication by the authenticationunit succeeds.
 5. A mobile terminal device capable of accessing both amobile communication network and a local network simultaneously, themobile terminal device comprising: a first communication interfaceprovided with respect to the mobile communication network; a secondcommunication interface provided with respect to the local network; apacket communication unit configured to carry out first packetcommunications through the first communication interface and secondpacket communications through the second communication interface; anidentification information notification unit configured to notify adevice identification information of the mobile terminal device and amobile carrier identification information of a mobile carrier to whichthe mobile terminal device belongs, to a gateway device provided betweena fixed communication network and the local network, at a time ofaccessing the fixed communication network via the gateway device,through the second communication interface; and a user responsenotification unit configured to notify a user response indicating user'sacceptance or refusal of a condition for the mobile terminal device toaccess the fixed communication network through the gateway device thatis presented from the gateway device after the device identificationinformation and the mobile carrier identification information arenotified to the gateway device by the identification informationnotification unit.
 6. The mobile terminal device of claim 5, wherein theuser response notification unit notifies the user response indicatinguser's acceptance or refusal of the condition which indicates anaccounting condition regarding a utilization fee to be paid by a user ofthe mobile terminal device to a fixed communication network providerthrough the mobile carrier identified by the mobile carrieridentification information. 7 The mobile terminal device of claim 5,wherein the user response notification unit notifies the user responseindicating user's acceptance or refusal of the condition which indicatesthat a log information regarding accesses by the mobile terminal devicewill be recorded.
 8. The mobile terminal device of claim 5, wherein thesecond communication interface supports Bluetooth as the local network.9. The mobile terminal device of claim 5, further comprising a voicecommunication unit configured to carry out voice communications.
 10. Amobile terminal device capable of accessing both a mobile communicationnetwork and a local network simultaneously, the mobile terminal devicecomprising: a first communication interface provided with respect to themobile communication network; a second communication interface providedwith respect to the local network; a packet communication unitconfigured to carry out first packet communications through the firstcommunication interface and second packet communications through thesecond communication interface; an authentication unit configured tocarry out an authentication of a communication device which is eitherlocated on the local network or connected through a gateway deviceprovided between a fixed communication network and the local network,when a request for access to a mobile communication network side via themobile terminal device is received from the communication device throughthe second communication interface; and a relay unit configured to starta processing for relaying packets from the communication device to themobile communication network side when the authentication by theauthentication unit succeeds.
 11. The mobile terminal device of claim10, wherein the second communication interface supports Bluetooth as thelocal network.
 12. The mobile terminal device of claim 10, furthercomprising a voice communication unit configured to carry out voicecommunications.
 13. A gateway device provided between a fixedcommunication network and a local network, the gateway devicecomprising: a first communication interface provided with respect to thefixed communication network; a second communication interface providedwith respect to the local network; a packet communication unitconfigured to carry out first packet communications through the firstcommunication interface and second packet communications through thesecond communication interface; an accounting condition notificationunit configured to notify an accounting condition for a mobile terminaldevice to access the fixed communication network through the gatewaydevice when a procedure for accessing the fixed communication networkfrom the mobile terminal device is received through the secondcommunication interface and a device identification information notifiedfrom the mobile terminal device is not registered at the gateway devicein advance, to the mobile terminal device; and a user messagenotification unit configured to notify a message indicating the deviceidentification information and a mobile carrier identificationinformation notified from the mobile terminal device, and a fact that auser of the mobile terminal device as identified by the deviceidentification information and the mobile carrier identificationinformation has accepted a payment of a fee according to the accountingcondition to a fixed communication network provider through the mobilecarrier identified by the mobile carrier identification information, toa fixed communication network side, when a user response indicatinguser's acceptance of the accounting condition is notified from themobile terminal device through the second communication interface. 14.The gateway device of claim 13, wherein the second communicationinterface supports Bluetooth as the local network.
 15. A gateway deviceprovided between a fixed communication network and a local network, thegateway device comprising: a first communication interface provided withrespect to the fixed communication network; a second communicationinterface provided with respect to the local network; a packetcommunication unit configured to carry out first packet communicationsthrough the first communication interface and second packetcommunications through the second communication interface; a checkingunit configured to check whether a mobile terminal device is related toany illegal user or not according to a device identification informationand a mobile carrier identification information notified from the mobileterminal device when a procedure for accessing the fixed communicationnetwork from the mobile terminal device is received through the secondcommunication interface and the device identification informationnotified from the mobile terminal device is not registered at thegateway device in advance; and an access control unit configured topermit an access to the fixed communication network by the mobileterminal device and start a processing for monitoring the access to thefixed communication network by the mobile terminal device through thegateway device, when the mobile terminal device is not related to anyillegal user as a result of checking by the checking unit.
 16. Thegateway device of claim 15, wherein the second communication interfacesupports Bluetooth as the local network.
 17. A gateway device providedbetween a fixed communication network and a local network, the gatewaydevice comprising: a first communication interface provided with respectto the fixed communication network; a second communication interfaceprovided with respect to the local network; a packet communication unitconfigured to carry out first packet communications through the firstcommunication interface and second packet communications through thesecond communication interface; a processing unit configured to judgewhether a packet received from a fixed communication network side anddestined to a mobile communication network side via a mobile terminaldevice which is capable of accessing both a mobile communication networkand the local network simultaneously, is to be relayed to the mobileterminal device through the second communication interface or notaccording to an attribute of the packet upon receiving the packet fromthe fixed communication network side through the first communicationinterface; and a transfer unit configured to transfer the packet to themobile terminal device through the second communication interface whenthe packet is judged to be relayed by the processing unit.
 18. Thegateway device of claim 17, wherein the second communication interfacesupports Bluetooth as the local network.
 19. A method for controlling amobile terminal device capable of accessing both a mobile communicationnetwork and a local network simultaneously, the method comprising:notifying a device identification information of the mobile terminaldevice and a mobile carrier identification information of a mobilecarrier to which the mobile terminal device belongs, to a gateway deviceprovided between a fixed communication network and the local network, ata time of accessing the fixed communication network via the gatewaydevice, through the local network; and notifying a user responseindicating user's acceptance or refusal of a condition for the mobileterminal device to access the fixed communication network through thegateway device that is presented from the gateway device after thedevice identification information and the mobile carrier identificationinformation are notified to the gateway device.
 20. A method forcontrolling a mobile terminal device capable of accessing both a mobilecommunication network and a local network simultaneously, the methodcomprising: carrying out an authentication of a communication devicewhich is either located on the local network or connected through agateway device provided between a fixed communication network and thelocal network, when a request for access to a mobile communicationnetwork side via the mobile terminal device is received from thecommunication device; and starting a processing for relaying packetsfrom the communication device to the mobile communication network sidewhen the authentication succeeds.
 21. A method for controlling a gatewaydevice provided between a fixed communication network and a localnetwork, the method comprising: notifying an accounting condition for amobile terminal device to access the fixed communication network throughthe gateway device when a procedure for accessing the fixedcommunication network from the mobile terminal device is receivedthrough the local network and a device identification informationnotified from the mobile terminal device is not registered at thegateway device in advance, to the mobile terminal device; and notifyinga message indicating the device identification information and a mobilecarrier identification information notified from the mobile terminaldevice, and a fact that a user of the mobile terminal device asidentified by the device identification information and the mobilecarrier identification information has accepted a payment of a feeaccording to the accounting condition to a fixed communication networkprovider through the mobile carrier identified by the mobile carrieridentification information, to a fixed communication network side, whena user response indicating user's acceptance of the accounting conditionis notified from the mobile terminal device through the local network.22. A method for controlling a gateway device provided between a fixedcommunication network and a local network, the method comprising:checking whether a mobile terminal device is related to any illegal useror not according to a device identification information and a mobilecarrier identification information notified from the mobile terminaldevice when a procedure for accessing the fixed communication networkfrom the mobile terminal device is received through the local networkand the device identification information notified from the mobileterminal device is not registered at the gateway device in advance; andpermitting an access to the fixed communication network by the mobileterminal device and starting a processing for monitoring the access tothe fixed communication network by the mobile terminal device throughthe gateway device, when the mobile terminal device is not related toany illegal user as a result of checking.
 23. A method for controlling agateway device provided between a fixed communication network and alocal network, the method comprising: judging whether a packet receivedfrom a fixed communication network side and destined to a mobilecommunication network side via a mobile terminal device which is capableof accessing both a mobile communication network and the local networksimultaneously, is to be relayed to the mobile terminal device throughthe local network or not according to an attribute of the packet uponreceiving the packet from the fixed communication network side; andtransferring the packet to the mobile terminal device through the localnetwork when the packet is judged to be relayed.
 24. A computer programproduct for causing a computer to control a mobile terminal devicecapable of accessing both a mobile communication network and a localnetwork simultaneously, the computer program product comprising: firstcomputer program codes for causing the computer to notify a deviceidentification information of the mobile terminal device and a mobilecarrier identification information of a mobile carrier to which themobile terminal device belongs, to a gateway device provided between afixed communication network and the local network, at a time ofaccessing the fixed communication network via the gateway device,through the local network; and second computer program codes for causingthe computer to notify a user response indicating user's acceptance orrefusal of a condition for the mobile terminal device to access thefixed communication network through the gateway device that is presentedfrom the gateway device after the device identification information andthe mobile carrier identification information are notified to thegateway device.
 25. A computer program product for causing a computer tocontrol a mobile terminal device capable of accessing both a mobilecommunication network and a local network simultaneously, the computerprogram product comprising: first computer program codes for causing thecomputer to carry out an authentication of a communication device whichis either located on the local network or connected through a gatewaydevice provided between a fixed communication network and the localnetwork, when a request for access to a mobile communication networkside via the mobile terminal device is received from the communicationdevice; and second computer program codes for causing the computer tostart a processing for relaying packets from the communication device tothe mobile communication network side when the authentication succeeds.26. A computer program product for causing a computer to control agateway device provided between a fixed communication network and alocal network, the computer program product comprising: first computerprogram codes for causing the computer to notify an accounting conditionfor a mobile terminal device to access the fixed communication networkthrough the gateway device when a procedure for accessing the fixedcommunication network from the mobile terminal device is receivedthrough the local network and a device identification informationnotified from the mobile terminal device is not registered at thegateway device in advance, to the mobile terminal device; and secondcomputer program codes for causing the computer to notify a messageindicating the device identification information and a mobile carrieridentification information notified from the mobile terminal device, anda fact that a user of the mobile terminal device as identified by thedevice identification information and the mobile carrier identificationinformation has accepted a payment of a fee according to the accountingcondition to a fixed communication network provider through the mobilecarrier identified by the mobile carrier identification information, toa fixed communication network side, when a user response indicatinguser's acceptance of the accounting condition is notified from themobile terminal device through the local network.
 27. A computer programproduct for causing a computer to control a gateway device providedbetween a fixed communication network and a local network, the computerprogram product comprising: first computer program codes for causing thecomputer to check whether a mobile terminal device is related to anyillegal user or not according to a device identification information anda mobile carrier identification information notified from the mobileterminal device when a procedure for accessing the fixed communicationnetwork from the mobile terminal device is received through the localnetwork and the device identification information notified from themobile terminal device is not registered at the gateway device inadvance; and second computer program codes for causing the computer topermit an access to the fixed communication network by the mobileterminal device and start a processing for monitoring the access to thefixed communication network by the mobile terminal device through thegateway device, when the mobile terminal device is not related to anyillegal user as a result of checking.
 28. A computer program product forcausing a computer to control a gateway device provided between a fixedcommunication network and a local network, the computer program productcomprising: first computer program codes for causing the computer tojudge whether a packet received from a fixed communication network sideand destined to a mobile communication network side via a mobileterminal device which is capable of accessing both a mobilecommunication network and the local network simultaneously, is to berelayed to the mobile terminal device through the local network or notaccording to an attribute of the packet upon receiving the packet fromthe fixed communication network side; and second computer program codesfor causing the computer to transfer the packet to the mobile terminaldevice through the local network when the packet is judged to berelayed.